Paste a JSON Web Token to decode its header and payload and inspect its claims. 100% client-side.
A JWT (JSON Web Token) is a compact, URL-safe token format used for authentication and information exchange. It consists of three Base64url-encoded (URL-safe Base64) parts separated by dots: header.payload.signature. JWTs are the standard for modern API authentication, single sign-on (SSO), and OAuth 2.0 flows.
The header specifies the token type and signing algorithm (typically HS256 or RS256). The payload contains claims — data like user ID, email, roles, and expiration time. The signature verifies that the token hasn't been tampered with.
Important: JWTs are encoded, not encrypted. Anyone can decode the payload; the signature only makes modification detectable to a party that verifies it. Never put sensitive data (passwords, secrets) in a JWT payload. This tool decodes the header and payload, shows the expiration status, and formats the JSON for easy reading, all client-side so your tokens stay private.